package com.cskaoyan.controller;

import com.cskaoyan.bean.AuthRespVo;
import com.cskaoyan.bean.BaseRespVo;
import com.cskaoyan.bean.DataBean;
import com.cskaoyan.bean.InfoBean;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Map;

@RestController
public class AuthController {

    /*@RequestMapping("admin/auth/login")
    public BaseRespVo login(@RequestBody Map map) {
        String username = (String)map.get("username");
        String password = (String)map.get("password");
        //执行登录业务，并且响应结果
        //登录业务先略，Shiro框架之后写这部分业务
        DataBean dataBean = new DataBean();
        DataBean.AdminInfoBean adminInfo = new DataBean.AdminInfoBean();
        adminInfo.setAvatar("https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/logo/logo_white-d0c9fe2af5.png");
        adminInfo.setNickName("admin123");
        dataBean.setAdminInfo(adminInfo);
        //token是sessionId
        dataBean.setToken("587e315d-0ac3-47a0-9857-7e625ce866ee");
        return BaseRespVo.ok(dataBean);
    }*/

    //可以做窄化请求
    @RequestMapping("admin/auth/info")
    public BaseRespVo info(String token) {
        Subject subject = SecurityUtils.getSubject();
        Serializable id = subject.getSession().getId();
        System.out.println("info请求的SessionId：" + id);
        //查询用户信息
        //来源于数据库（自己来写）
        //token是用来获得用户信息，来源Shiro
        //先假定一个用户id来做其他信息的查询

        InfoBean infoBean = new InfoBean();
        infoBean.setAvatar("https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/logo/logo_white-d0c9fe2af5.png");
        infoBean.setName("admin123");
        ArrayList<String> perms = new ArrayList<>();
        perms.add("*");
        infoBean.setPerms(perms);

        ArrayList<String> roles = new ArrayList<>();
        roles.add("超级管理员");
        infoBean.setRoles(roles);
        return BaseRespVo.ok(infoBean);
    }

    //shiro认证
    @RequestMapping("admin/auth/login")
    public BaseRespVo login(@RequestBody Map map) {
        String username = (String)map.get("username");
        String password = (String)map.get("password");

        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken authenticationToken = new UsernamePasswordToken(username, password);
        subject.login(authenticationToken);
        //subject.login → 认证 → Authenticator执行认证 → realm的doGetAuthenInfo
        //可以获得认证状态
        boolean authenticated = subject.isAuthenticated();
        //获得用户信息 → realm里的doGetAuthenInfo中的构造的Principal信息
        Object primaryPrincipal = subject.getPrincipals().getPrimaryPrincipal();

        //执行登录业务，并且响应结果
        //登录业务先略，Shiro框架之后写这部分业务
        DataBean dataBean = new DataBean();
        DataBean.AdminInfoBean adminInfo = new DataBean.AdminInfoBean();
        adminInfo.setAvatar("https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/logo/logo_white-d0c9fe2af5.png");
        adminInfo.setNickName("admin123");
        dataBean.setAdminInfo(adminInfo);
        //token是sessionId
        dataBean.setToken((String) subject.getSession().getId());
        System.out.println("login请求的sessionId：" + subject.getSession().getId());
        return BaseRespVo.ok(dataBean);
    }
}
